Topic Information Award/Contract Number Proposal Information Company Performance

Security Systems Video/Audio Interoperability Device

HSHQDC-16-C-00049 HSHQDC-16-R-00012-H-SB016.1-001-0007-I
(HSHQDC-16-R-00012 Phase I)
A Secure, Mobile Machine-to-Machine (M2M) Internet-of-Things (IoT) Video/Audio Interoperability Device (VAID)

BALFOUR Technologies LLC
510 Grumman Road West
Suite 212
Bethpage, NY 11714-3631


In an emergency or special event, First Responders need to leverage existing/available video and audio feeds from surveillance systems already deployed at the site. This audio/video connectivity must be achieved rapidly and easily as first responders arrive, and should also include access to valuable mobile/wireless audio/video feeds that become available during the emergency/event. Balfour Technologies proposes to develop a video/audio interoperable device (VAID) that first responders can deploy on-site that will: (A) strongly authenticate users and connect to commonly deployed/existing surveillance camera systems; (B) discover and stream live and archived audio/video from existing surveillance cameras; (C) securely broadcast this audio/video in real time to first responders and emergency managers on-site or in remote/mobile command centers; (D) provide an easy-to-use user interface to configure, manage, control, record, and view these camera streams in a common operating environment (where additional features such as geo-location, automated video analytics, etc. could be applied); and (E) dynamically connect to and capture live mobile/wireless audio/video (i.e. from smartphones) that becomes available during the event. With Balfour's extensive past experience integrating many diverse surveillance systems over the past decade, this VAID innovation will be able to be rapidly implemented incrementally and initially deployed within months. Commercially, every federal/local/state first responder group (fire, police, security) should have a VAID system to quickly acquire interior surveillance video/audio feeds during emergency situations such as fires, active shooters, etc. And security groups for every large/multi-campus organization with a mix of surveillance systems at various locations/buildings can benefit from utilizing VAID systems.

Malware Prediction for Situational Understanding and Preemptive Cyber Defense

HSHQDC-16-C-00071 HSHQDC-16-R-00012-H-SB016.1-003-0006-I
(HSHQDC-16-R-00012 Phase I)
Malware Prediction

GrammaTech, Inc.
531 Esty Street
Ithaca, NY 14850-4201


GrammaTech will create the CodeSurfer/INSIGHT tool to address the problem of understanding the evolution of malware characteristics and anticipating future malware evolution. INSIGHT will build on these capabilities: (a) GrammaTech's binary analysis tools as enhanced during the DARPA RAPID project, extending it with more sophisticated component identification, type inference, representations of software structure, and improved similarity detection in malware and obfuscated code; (b) GrammaTech's ongoing contributions to the DARPA MUSE project, using its features, similarity and search algorithms, and high-capacity database for storing and retrieving information about malware, extended with new features based on INSIGHT's improvements in binary analysis; (c) GrammaTech's experience in MUSE with feature extraction and pattern recognition specifically applied to code structure of binaries; and (d) the open source repositories of malware and the data and insights produced in the DARPA CyberGenome project. The result will be a tool that automatically extracts characteristics and aggregate features of a collection of malware, identifying malware families, trends, cross-fertilization, and evolutionary directions. These will provide a human analyst insight into the evolution and relationships within a corpus of binary executables, malware in particular. Both government and commercial clients will use the tool to help anticipate threats to their organizations and infrastructure. Non-malware applications include identifying code borrowing for license tracking, detecting instances of insider threat, and determining differences among different versions of software.

Malware Prediction for Situational Understanding and Preemptive Cyber Defense

HSHQDC-16-C-00072 HSHQDC-16-R-00012-H-SB016.1-003-0020-I
(HSHQDC-16-R-00012 Phase I)
Hybrid Prediction for Embedded Malware

Red Balloon Security
336 West 37th Street Suite 1024
New York, NY 10018-4592


Predicting malware trends and designing defenses to defeat the next generation of malware is difficult but necessary in order to significantly increase the cost to attackers of developing malware and executing successful attacks. Without such malware trend predictions, we will continually be defending against yesterday's attacks and will remain unprepared for new threats. Embedded devices are becoming the next target for attackers as traditional workstations and servers become more secure. We will create a hybrid approach toward embedded device malware trend prediction. Our approach targets both long-term malware trend prediction utilizing attack graphs and short-term approaches monitoring malware and capturing forensic data to provide real-time predictions. A hybrid of short-term and long-term approaches offers many benefits. Captured samples would confirm or better inform the long-term predictions of what evasions and attack paths malware uses. Long-term predictions would enable advanced defenses to be prepared to capture malware samples. Our hybridized predictive malware trending scheme will significantly increase situational awareness into both short-term and long-term attack trends. Furthermore, our output will enhance embedded attack incident response capabilities at an enterprise level and predict future attack trends at both tactical and strategic time scales.